An organization’s business continuity approach needs to be reassessed in a world of high levels of automation, contracting for services and reduced latency. The very definitions of foundational terms like ‘work location’, ‘services’ and ‘support’ are changing. Diversity of perspective is likely to be a critical component of any kind of timely, situational response.

“The management of business continuity falls largely within the sphere of risk management, with some cross-over into related fields such as governance, information security and compliance. Risk is a core consideration since business continuity is primarily concerned with those business functions, operations, supplies, systems, relationships etc. that are critically important to achieve the organization's operational objectives. Business Impact Analysis is the generally accepted risk management term for the process of determining the relative importance or criticality of those elements, and in turn drives the priorities, planning, preparations and other business continuity management activities.”

In today’s environment, business impact analysis is becoming ever more technical and the interconnection between environmental factors more complex. We have seen situations recently with program trading in which an entire financial institution has been placed at risk when its automated trading responds in an unforeseen fashion or its governance breaks down. We’ll be seeing similar techniques applied throughout organizational processes.

The response to almost any situation can be enabled by techniques like VOIP and other approaches that allow additional levels of abstraction. Simulations can be used to understand the implications of various scenarios as part of business continuity planning.

Having an effective, robust approach to business continuity is part of management, security and many other roles within an organization. It is important to remember that there is a cost for being unable to respond to an incident. There are a number of business continuity webinars that bring this issue home.

But the top 5 issues that were of concern to the person taking the survey (page 63) were:

1 Alignment of IT and/with the business

2 Security

3 Talent/skill shortage

4 Business continuity / Disaster Recovery

5 Prioritization process for IT projects

I don’t know about you but this difference of perspective between the individual thinking about the priorities of the group and their own priorities is pretty significant. It looks like the management concerns are value and cost, yet the individuals are concerned more about safety.

This is an interesting survey, with almost 500 senior IT professionals participating across a diverse cross-section of the economy.

I am surprised that IT productivity isn’t pulled out to the same extent that business productivity is for the management concerns, since that would address some of the talent shortage, cost reduction and controls/quality concerns.

We tend not to think about it much, but unpredictable (and sometimes even unthinkable) disasters happen. Mission critical IT systems require mission critical protection, no matter the platform or the supplier who may be operating the underlying hardware. It is not just a matter of the systems, but the network connections and the integrated applications that are important. No one cares if the lights are flashing and the disks are spinning if the end-to-end transactions can’t take place.

When I think of these three areas, I am surprised at how these are overlooked and what new opportunities are available that are not discussed. In the testing space, most organizations have a fully occupied testing organization and may not realize the extent of testing that needs to occur when moving to the cloud. Even if it is just a move to an IaaS service, performance and functionality testing is required, let alone if they want to actually take advantage of the cloud’s parallel processing capabilities to perform functions more quickly. Many times the in-house organization will need to supplement its testing capabilities during the transition period. These extra resources allow for higher quality testing and can help with understanding of the new environment as well.

Cloud security is the one area that really worries organizations. In many cases it is because they have relied on the physical structures of the compute center to provide a (false) feeling of security. Although this is an important issue to everyone, some industries have their own set of rules and regulations (e.g., HIPAA, PCI). Understanding those rules and what they are trying to address will strengthen everyone’s security understanding. Security thoughts need to be expanded to disaster recovery and business continuity as well. Just because a cloud provider has 99.99% availability within their data center, it doesn’t mean your service has that level of availability end-to-end.

The one area that I don’t think is getting adequate coverage in the cloud area is the user interface consistency needs. We can’t expect to put a hodgepodge of in-house and vendor provided interfaces in front of the user community and expect high productivity. There are cases when it can happen and the cost of consistency may be too high, but I rarely hear organizations plan for it as an issue.

Although cloud activities may have many similarities to the current IT environment, numerous active decisions will need to be made; don't expect a passive approach to cut it.

Steve Simske is an HP Fellow and Director in the Printing and Content Delivery Lab in Hewlett-Packard Labs, and is the Director and Chief Technologist for the HP Labs Security Printing and Imaging program.